Resolving e-assessment security issues using agents

Abstract:

The aim of this dissertation is to identify and evaluate current security issues related to eassessment
systems, to identify current technologies used to mitigate the risks associated with these
issues, and to propose a solution in which agents can help to resolve these security issues. This is
attained by evaluating current security issues and defences and their application in the e-assessment
domain, and by proposing a security system which uses agents to resolve some of these security
issues.
The dissertation discusses current security issues experienced with web-applications and how
these issues apply to e-assessment systems. It points out that it is indeed necessary to pay attention
to the security of an e-assessment system, and that proper identification and authentication is crucial
for e-assessment if it aims to replace traditional assessment systems.
Current web-application security mechanisms are discussed in the light of the needs of an eassessment
system. Age old mechanisms such as passwords, as well as more current technology
such as biometrics and security tokens, are evaluated. The impact these mechanisms can have on an
e-assessment system, as well as the implications of implementing these mechanisms, are discussed.
Some methods which an adversary may use to bypass these security mechanisms to either
destabilise or damage an e-assessment system are discussed, along with current defences against
such attacks. These attacks include destabilising attacks such as Denial of Service attacks, attacks
on privacy such as Cross Site Scripting attacks, as well as damaging attacks such as SQL Injection
attacks.
Various components, commonly found in e-assessment systems, are evaluated according to their
security features, security history, their functionality and their standards compliancy. Components
such as Apache and IIS, which typically serve as web servers for e-assessment systems, MySQL
and MSSQL, which act as database servers, and Firefox and MS Internet Explorer, which act as
clients for e-assessment systems, are discussed.
A prototype solution, which uses agents to increase the security of an e-assessment system, is
proposed and evaluated. The prototype solution consists of a network of client agents in the form of
Firefox extensions, who communicate with each other and with an Administrative agent, in the
form of a PHP script, by using an Agent Communication Language which conforms to the standards
set for such a language by the Foundation for Intelligent Physical Agents. Future research and
development considerations are also proposed.